Bugzilla – Bug 606
Readability of unbound control key files should not be achieved by ownership
Last modified: 2014-08-25 16:18:09 CEST
The unbound-control-setup documentation says:
The setup requires a self-signed certificate and private keys for both the server and client. The script unbound-control-setup generates these in the default run directory, or with -d in another directory. If you change the access control permissions on the key files you can decide who can use unbound-control, by default owner and group but not all users. Run the script under the same username as you have configured in unbound.conf or as root, so that the daemon is permitted to read the files, for example with:
sudo -u unbound unbound-control-setup
I think this advice can be enhanced from a security perspective: the unbound process needs to be able to _read_ the files, not _own_ them, which would imply the ability to alter the contents. Readability (with protection from "other") would best be achieved by using group permissions rather than ownership.
This sort of permission seems to have a high user-specific preference. (I mean, different people tend to have very different opinions). But what do you suggest I write? I do not really want to get into full 'key management', but a couple of lines could be nice, I guess.
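One way to check the arrangement proposed in this report (key files not owned by the daemon, readable through the daemon's group, closed to "other"), as an added example that is not part of the bug thread or of unbound itself. It assumes GNU stat and that the generated files end in .key and .pem; the function name and its arguments are hypothetical.

```shell
#!/bin/sh
# Added example (not from unbound): audit control key/cert files.
# Assumes GNU stat; function name and arguments are hypothetical.
# Usage: audit_control_keys DIR DAEMON_UID DAEMON_GID
# e.g.   audit_control_keys /path/to/run/dir "$(id -u unbound)" "$(id -g unbound)"
# Returns 0 when every *.key / *.pem file is readable by the daemon
# through its group only; otherwise prints findings and returns 1.
audit_control_keys() {
    dir=$1 daemon_uid=$2 daemon_gid=$3
    bad=0
    for f in "$dir"/*.key "$dir"/*.pem; do
        [ -f "$f" ] || continue
        owner=$(stat -c %u "$f")
        group=$(stat -c %g "$f")
        perm=$((0$(stat -c %a "$f")))   # octal mode string -> integer
        # An owner can always chmod and rewrite the file.
        if [ "$owner" -eq "$daemon_uid" ]; then
            echo "$f: owned by daemon uid $daemon_uid (daemon can alter it)"
            bad=1
        fi
        # The daemon must still be able to read via its group.
        if [ "$group" -ne "$daemon_gid" ] || [ $((perm & 040)) -eq 0 ]; then
            echo "$f: daemon group $daemon_gid has no read access"
            bad=1
        fi
        if [ $((perm & 020)) -ne 0 ]; then
            echo "$f: group-writable"
            bad=1
        fi
        if [ $((perm & 007)) -ne 0 ]; then
            echo "$f: accessible to other"
            bad=1
        fi
    done
    return "$bad"
}
```
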